
Create an Internal Virtual Switch with NAT Network in Hyper-V


A Hyper-V Virtual Switch (VS) is a software-based network switch that allows virtual machines (VMs) to communicate with each other, the host system, and external networks.
It provides the foundation for networking in Hyper-V environments and supports three main types: External, Internal, and Private.

  • External: Connects VMs to the physical network through the host’s network adapter.
  • Internal: Allows communication between VMs and the host only (no direct internet access).
  • Private: Enables communication only between VMs (no host or external connectivity).

This guide focuses on creating an Internal Virtual Switch with NAT (Network Address Translation), which is especially useful for lab or test environments.
By combining an internal switch with NAT, VMs can remain isolated from the production network while still having controlled internet access through the host system.


🔧 Step-by-Step Instructions

Run PowerShell as Administrator

All commands below require elevated privileges. If PowerShell is not opened as Administrator, the commands will fail.


🌐 1. Create a New Virtual Switch (Internal)

New-VMSwitch -SwitchName "LabSwitch" -SwitchType Internal

Explanation

This creates an Internal Hyper-V virtual switch named LabSwitch.

  • Internal switches allow communication between host and VMs.
  • They do not provide internet connectivity directly.
  • You can rename LabSwitch to anything you prefer.

Get the Interface Index of the New Adapter

Get-NetAdapter

How to Use

  • Find the newly created LabSwitch interface.
  • Note the InterfaceIndex assigned to it (e.g., 49).
  • You’ll need this value in the next step.

Assign a Static IP Address to LabSwitch

New-NetIPAddress -IPAddress 10.0.0.1 -PrefixLength 24 -InterfaceIndex 49

Custom Subnets

  • Replace 49 with the actual InterfaceIndex you noted from the Get-NetAdapter output.
  • You can use any private IP subnet (e.g., 192.168.100.1/24, 172.16.0.1/24, etc.).

🌐 2. Create a NAT Network

New-NetNat -Name "NatSwitch" -InternalIPInterfaceAddressPrefix 10.0.0.0/24

Explanation

  • This command enables NAT for the subnet attached to the virtual switch.
  • You can rename NatSwitch to anything you prefer.
  • Ensure the -InternalIPInterfaceAddressPrefix value matches the subnet of the IP address you assigned to LabSwitch in the previous step.
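
The steps above combined into one re-runnable script, as an added example that is not part of the original guide. It uses the guide's sample names and addresses, and it assumes the host adapter carries Hyper-V's default name "vEthernet (LabSwitch)" so the InterfaceIndex can be looked up instead of hard-coding 49.

```powershell
#Requires -RunAsAdministrator
# Added example: values below are the guide's sample names and addresses.
$SwitchName = 'LabSwitch'
$NatName    = 'NatSwitch'
$GatewayIP  = '10.0.0.1'
$PrefixLen  = 24
$NatPrefix  = '10.0.0.0/24'

# 1. Create the internal switch only if it does not exist yet.
$switch = Get-VMSwitch -Name $SwitchName -ErrorAction SilentlyContinue
if (-not $switch) {
    $switch = New-VMSwitch -SwitchName $SwitchName -SwitchType Internal
}
# A switch of another type under the same name would not give the isolation intended.
if ($switch.SwitchType -ne 'Internal') {
    throw "Switch '$SwitchName' exists but is $($switch.SwitchType), not Internal."
}

# 2. Resolve the host-side adapter by name rather than reading the index by eye.
#    Assumption: the adapter kept its default name "vEthernet (<switch name>)".
$adapter = Get-NetAdapter -Name "vEthernet ($SwitchName)" -ErrorAction Stop
$ifIndex = $adapter.ifIndex

# 3. Assign the gateway address unless it is already present on that adapter.
$existingIp = Get-NetIPAddress -InterfaceIndex $ifIndex -AddressFamily IPv4 -ErrorAction SilentlyContinue |
    Where-Object IPAddress -eq $GatewayIP
if (-not $existingIp) {
    New-NetIPAddress -IPAddress $GatewayIP -PrefixLength $PrefixLen -InterfaceIndex $ifIndex | Out-Null
}

# 4. Create the NAT. Windows NAT supports a single internal prefix per host,
#    so stop if a NAT object with a different prefix is already defined.
$nat = Get-NetNat -ErrorAction SilentlyContinue
$conflict = $nat | Where-Object InternalIPInterfaceAddressPrefix -ne $NatPrefix
if ($conflict) {
    throw "Existing NAT '$($conflict.Name)' uses $($conflict.InternalIPInterfaceAddressPrefix); remove or reuse it."
}
if (-not $nat) {
    New-NetNat -Name $NatName -InternalIPInterfaceAddressPrefix $NatPrefix | Out-Null
}

# 5. Print switch type, gateway address and NAT prefix so they can be checked together.
Get-VMSwitch -Name $SwitchName | Select-Object Name, SwitchType
Get-NetIPAddress -InterfaceIndex $ifIndex -AddressFamily IPv4 | Select-Object InterfaceAlias, IPAddress, PrefixLength
Get-NetNat | Select-Object Name, InternalIPInterfaceAddressPrefix
```
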

Optional: Remove Network Components

  • Remove the Virtual Switch

    Remove-VMSwitch "LabSwitch"
    

  • Remove NAT Object(s)

    Get-NetNat          # List all existing NATs
    Remove-NetNat -Name "NatSwitch"
    

  • Remove all NAT objects on the current computer

    Get-NetNat
    Remove-NetNat
    

Cleanup Tip

Removing the NAT or switch will break VM connectivity. Only run these if you are decommissioning your lab network.

Networking Tips

  • Attach VMs to the LabSwitch virtual adapter to connect them to the internal NAT network.
  • VMs will use 10.0.0.1 as their gateway for internet access.
  • Configure IPs via manual DHCP or static assignment in the subnet (10.0.0.x/24).

🔎 Network Diagram

flowchart TD
    Host[Host Machine] --- LabSwitch["LabSwitch (Internal Virtual Switch)"]
    LabSwitch --- VM1[🖥️ VM1 - 10.0.0.10]
    LabSwitch --- VM2[🖥️ VM2 - 10.0.0.11]
    LabSwitch --- VM3[🖥️ VM3 - 10.0.0.12]

    LabSwitch --> Gateway["🌐 NAT Gateway (10.0.0.1)"]
    Gateway --> Internet((🌐 Internet))

The above diagram shows:

  • Host + VMs connected to LabSwitch
  • NAT Gateway (10.0.0.1) providing internet access
  • VMs using the same private subnet